Commit Graph

490 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
fb69d3e351 Backport upstream r684 (OPENPAM_DEBUG enables debugging macros but does
not turn debugging on by default) and add OPENPAM_DEBUG to CFLAGS.
2013-04-14 16:49:27 +00:00
Jung-uk Kim
068f3d2f84 Fix declaration vs. definition inconsistency. No functional change. 2013-04-05 23:41:34 +00:00
Eitan Adler
db702c59cf remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
Dag-Erling Smørgrav
a612142b11 Remove unnecessary #include. 2012-09-28 12:29:25 +00:00
Eitan Adler
eae8be706e Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
Dimitry Andric
1843e23c48 Fix an instance in pam_krb5(8), where the variable 'user' could be used
uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:44:59 +00:00
Dimitry Andric
2251b30757 Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:40:14 +00:00
Doug Rabson
957487515e Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
2012-08-05 13:40:35 +00:00
Dag-Erling Smørgrav
2f3ed61901 Update to OpenPAM Micrampelis. 2012-05-26 17:10:16 +00:00
Dag-Erling Smørgrav
8d6900eab8 Passing NULL as a key casues a segfault when loading SSH 1 keys. Use
an empty string instead.
2012-05-26 17:03:45 +00:00
Warren Block
344c81a166 Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR:		168016
Submitted by:	Nobuyuki Koganemaru
Approved by:	gjb
MFC after:	3 days
2012-05-24 02:24:03 +00:00
Jean-Sébastien Pédron
3902d8a991 Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.

While here, fix a warning.

Sponsored by:	Yakaz (http://www.yakaz.com)
2012-04-12 14:02:59 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Jean-Sébastien Pédron
7e3d5c1fca Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
    o  $PAM_SM_FUNC contains the name of the PAM service module function
       (eg. pam_sm_authenticate).
    o  All valid PAM return codes' numerical values are available
       through variables named after the return code name. For instance,
       $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
    o  If the program exits with !0, the return code is now
       PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
    o  If the program fails because of a signal (WIFSIGNALED) or doesn't
       terminate normally (!WIFEXITED), the return code is now
       PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
    o  If a syscall in pam_exec fails, the return code remains
       PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by:	gleb@, des@
Sponsored by:	Yakaz (http://www.yakaz.com)
MFC after:	2 weeks
2012-03-26 12:18:15 +00:00
Stanislav Sedov
26ec46c8d6 - Avoid using deprecated heimdal functions in pam_krb5. 2012-03-24 01:02:03 +00:00
Stanislav Sedov
bbbc13f8cf - Avoid use of deprecated KRB5 functions. 2012-03-22 11:18:14 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Peter Wemm
925c02f9dd Rev 228065 (change bsd.own.mk -> bsd.init.mk) broke pam_unix.so by causing
the LDADD/DPADD to lose the -lpam, and causing openpam_dynamic() to fail
due to "openpam_get_options" being undefined.

This would cause obscure console log messages like:
  openpam_dynamic(): No error: 0
  openpam_load_module(): no pam_unix.so found
and other helpful messages which are no help in diagnosing the problem.

Fortunately this change was not mfc'ed to 9.x, it isn't broken there.
2012-01-18 18:26:56 +00:00
Dag-Erling Smørgrav
7f106882fe Upgrade to OpenPAM Lycopsida. 2011-12-18 17:22:45 +00:00
Max Khon
106235a4b8 .include <bsd.init.mk> instead of <bsd.own.mk>
The former allows common settings from ../Makefile.inc to be used.
2011-11-28 14:01:17 +00:00
Dag-Erling Smørgrav
dcf83bf794 Revert r227841 and part of r227798. We still build libpam in two passes,
but we use STATIC_CFLAGS instead of our own private .c.o rule.

MFC after:	3 weeks
2011-11-24 13:18:58 +00:00
Dag-Erling Smørgrav
e03e3b699e Simplify the libpam build by removing the shared modules' dependency
on the shared library.  The modules are loaded by the library, so we
know it'll be there when we need it.

MFC after:	3 weeks
2011-11-21 16:40:39 +00:00
Dag-Erling Smørgrav
4520e72ebf key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after:	1 week
Noticed by:	Guy Helmer <guy.helmer@palisadesystems.com>
2011-11-20 15:18:49 +00:00
Ed Schouten
f1b61fc829 Ensure pam_lastlog removes the /dev/ component of the TTY name.
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).

Discussed with:	des
MFC after:	1 week
2011-11-07 19:57:42 +00:00
Ed Schouten
82a36aefae Remove an unused variable from pam_unix.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.

Discussed with:	des
2011-11-05 10:00:29 +00:00
Dag-Erling Smørgrav
23b8f4d84a Note that pam_unix(8) does not respect PAM_CHANGE_EXPIRED_AUTHTOK. 2011-11-02 23:40:21 +00:00
Dag-Erling Smørgrav
907c13d85f Revert the previous commit and add a comment explaining why it was wrong. 2011-10-22 14:08:21 +00:00
Dag-Erling Smørgrav
5acce7d734 openpam_static.c isn't auto-generated. 2011-10-22 04:39:12 +00:00
Dag-Erling Smørgrav
32627537b8 Load the ECDSA key if there is one.
MFC after:	1 week
2011-10-07 12:58:33 +00:00
Dag-Erling Smørgrav
864cac079f Mention the name of the module in warning messages. 2011-03-12 11:26:37 +00:00
Dag-Erling Smørgrav
e84da6fb39 Add "ruser" and "luser" options. The former corresponds to the current
behavior, where the module checks that the supplicant is a member of the
required group.  The latter checks the target user instead.  If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.

MFC after:	1 month
2011-03-12 11:12:30 +00:00
Dag-Erling Smørgrav
8e391be103 No newline required.
MFC after:	2 weeks
2011-03-09 14:38:00 +00:00
Dag-Erling Smørgrav
beb8ef4a7d Add <time.h> for ctime(), which we accidentally picked up through
<sys/time.h>.

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
MFC after:	3 days
2010-11-22 14:45:16 +00:00
Xin LI
f93beda98a Bump .Dd date.
Forgotten by:	delphij
2010-05-03 09:49:42 +00:00
Martin Matuska
54c7282725 Code indent according to style(9).
PR:		bin/146186
Submitted by:	myself
Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-03 07:39:51 +00:00
Martin Matuska
551e75c7af Implement the no_user_check option to pam_krb5.
This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR:		bin/146186
Submitted by:	myself
Approved by:	deplhij (mentor)
MFC after:	2 weeks
2010-05-03 07:32:24 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Ulrich Spörlein
7729e3ba40 Remove redundant WARNS?=6 overrides and inherit the WARNS setting from
the toplevel directory.

This does not change any WARNS level and survives a make universe.

Approved by:        ed (co-mentor)
2010-03-02 18:44:08 +00:00
Ulrich Spörlein
47e1a877c5 Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
Ruslan Ermilov
e363756c8f %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
Dag-Erling Smørgrav
cc5c81f89d Respect passwordtime from login.conf if set.
PR:		bin/93473
Submitted by:	Björn König <bkoenig@cs.tu-berlin.de>
MFC after:	1 week
2010-02-02 13:47:18 +00:00
Ed Schouten
0806dd9238 Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
Ed Schouten
d1b8647f1c Let pam_lastlog use random ut_id's.
By using random values for ut_id, not based on the TTY name, it is
possible to run for example login(1) multiple times on the same TTY,
without overwriting any previous records.

The output of w(1) will then be as follows:

| 12:26PM  up 2 days,  2:31, 5 users, load averages: 0.01, 0.03, 0.03
| USER       TTY      FROM                      LOGIN@  IDLE WHAT
| ed         pts/2    mekker.80386.nl          12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w

Approved by:	des
2010-01-18 11:29:51 +00:00
Marcel Moolenaar
d3e5c802a9 Unbreak builds with _FREEFALL_CONFIG=yes, by forcing a lower WARNS
level in that case.
2010-01-17 19:47:42 +00:00
Ed Schouten
2957240805 Let pam_lastlog use utmpx instead of libulog's utmpx interface.
It will still use ulog_login(3) and ulog_logout(3), which will remain
present.
2010-01-13 18:32:31 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Ed Schouten
444999a314 Several refinements to libulog's API.
- Only set the fields in the ulog_utmpx structure that are valid for the
  command in question. This means that strings like "shutdown" or "~"
  are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
  the `antique' filename. If we ever get rid of utmp, it makes little
  sense calling it by its old name.
2009-12-26 22:36:05 +00:00
Ed Schouten
17c79ad08c Convert pam_lastlog(8) to libulog.
The information used by the "Last login:"-line is obtained by using
ulog_setutxfile(3) to switch to the lastlog database. Login and logout
are performed using the utility functions ulog_login(3) and
ulog_logout(3).

This also means we must build libulog during bootstrap.

Approved by:	des
2009-12-11 14:15:55 +00:00
Dag-Erling Smørgrav
13e1b162b9 Note that nullok should not be used by processes that can't access the
password database.

PR:		bin/126650, misc/140514
MFC after:	1 week
2009-11-13 11:19:26 +00:00
Dag-Erling Smørgrav
040b962309 pam_ssh needs roaming_dummy to link correctly against libssh. 2009-10-05 18:56:18 +00:00